Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IP CEF

hello

I am trying to debug why my load balancing is not giving me a 100% of the bandwidth, i tried few commands, if some one please explain what they mean and if there is something wrong in their output:

Router#sh cef not-cef

CEF Packets passed on to next switching layer

Slot No_adj No_encap Unsupp'ted Redirect Receive Options Access Frag

RP 1231 0 3687843 13 290906 0 0 0

Router#sh cef drop

CEF Drop Statistics

Slot Encap_fail Unresolved Unsupported No_route No_adj ChkSum_Err

RP 7308 0 0 6 0 0

#sh ip cef receive

Apr 21 00:57:54.663: CEF-Receive: Packet for 65.55.251.108 -- unsupported featur

e

Apr 21 00:57:54.663: CEF-Receive: Not supported for 208.98.1.46 thru Dialer5 - r

eceive

Apr 21 00:57:54.663: CEF-Receive: Packet for 208.98.1.46 -- unsupported feature

Apr 21 00:57:54.663: CEF-Receive: Not supported for 208.98.1.46 thru Dialer5 - r

eceive

Apr 21 00:57:54.663: CEF-Receive: Packet for 208.98.1.46 -- unsupported feature

Apr 21 00:57:54.663: CEF-Receive: Not supported for 209.73.166.140 thru Dialer2

- receive

22 REPLIES

Re: IP CEF

Hi there,

For CEF the Unsupported feature indicates that for the packet received the adjacency route information was dropped due to unsupported features.

By default, Cisco IOS software switches packets using the next fastest switching path (such as optimum, fast, or process switching) when CEF does not support a feature or encapsulation, and i think thats why your load balancing has problems.

For example since Cisco IOS Software Releases 11.2, CEF didn't support these features (I am trying to find out an updated list for you):

* Policy routing

* Network Address Translation (NAT)

* Access lists on the GSR

* Multipoint PPP

* SMDS

* Token Ring

* ATM dixie

* Inter-Switch Link (ISL)

http://www.cisco.com/en/US/products/sw/iosswrel/ps1824/products_feature_guide09186a0080087adc.html

HTH,

Mohammed Mahmoud.

New Member

Re: IP CEF

Thanks so much mohammed, i finally got a reply for this...

my version is 12.4, i am using 3845 router.

do you have any idea how to overcome this problem? what makes a packet supported feature and another not supported?

i need a solution if you have any idea please let me know.

thanks.

Re: IP CEF

Hi Baha,

Kindly post your configuration in order to think it out.

BR,

Mohammed Mahmoud.

New Member

Re: IP CEF

Hello Mohammed, thanks for your concern, here is the cfg:

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

boot-start-marker

boot-end-marker

!

enable secret xxx

!

aaa new-model

!

!

aaa authentication login default local

!

aaa session-id common

!

resource policy

!

ip subnet-zero

ip cef

ip cef load-sharing algorithm original

!

ip domain name xx.xx.xx.xx

ip name-server xx.xx.xx.xx

vpdn enable

!

!

username xxxx password 0 xxxx

!

!

interface GigabitEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$

ip address 10.10.10.1 255.255.255.0 secondary

ip address xxx.xx.xx.xx 255.255.255.248

ip nat inside

ip tcp adjust-mss 1452

load-interval 30

duplex auto

speed auto

media-type rj45

negotiation auto

!

interface GigabitEthernet0/1

ip address 192.168.0.1 255.255.0.0

ip nat inside

ip tcp adjust-mss 1452

duplex auto

speed auto

media-type rj45

negotiation auto

!

interface ATM0/1/0

bandwidth 1088

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

hold-queue 224 in

pvc 0/35

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

!

interface ATM0/2/0

bandwidth 1088

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

hold-queue 224 in

pvc DSL 0/35

encapsulation aal5mux ppp dialer

dialer pool-member 2

!

!

interface ATM0/3/0

bandwidth 1088

no ip address

logging event atm pvc state

no atm ilmi-keepalive

dsl operating-mode auto

hold-queue 224 in

pvc 0/35

encapsulation aal5mux ppp dialer

dialer pool-member 3

!

interface ATM3/0/0

bandwidth 1088

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

hold-queue 224 in

pvc 0/35

encapsulation aal5mux ppp dialer

dialer pool-member 4

!

interface Dialer1

mtu 1492

bandwidth 1024

ip address negotiated

ip nat outside

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication pap callin

ppp chap refuse

ppp pap sent-username xxx password 0 xxx

!

interface Dialer2

mtu 1492

bandwidth 1024

ip address negotiated

ip nat outside

encapsulation ppp

dialer pool 2

no cdp enable

ppp authentication pap callin

ppp chap refuse

ppp pap sent-username xxx password 0 xxxx

!

interface Dialer3

mtu 1492

bandwidth 1024

ip address negotiated

ip nat outside

encapsulation ppp

dialer pool 3

no cdp enable

ppp authentication pap callin

ppp chap refuse

ppp pap sent-username xxx password 0 xxx

!

interface Dialer4

mtu 1492

bandwidth 1024

ip address negotiated

ip nat outside

encapsulation ppp

dialer pool 4

dialer-group 4

ppp authentication pap callin

ppp chap refuse

ppp pap sent-username xxx password 0 xxx

!

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 0.0.0.0 0.0.0.0 Dialer2

ip route 0.0.0.0 0.0.0.0 Dialer3

ip route 0.0.0.0 0.0.0.0 Dialer4

!

ip nat inside source route-map Connection_1 interface Dialer1 overload

ip nat inside source route-map Connection_2 interface Dialer2 overload

ip nat inside source route-map Connection_3 interface Dialer3 overload

ip nat inside source route-map Connection_4 interface Dialer4 overload

!

no logging trap

access-list 1 permit 192.168.0.0 0.0.255.255

access-list 1 permit 10.10.10.0 0.0.0.255

access-list 10 permit 10.10.10.9

access-list 101 permit ip 10.10.10.0 0.0.0.255 any

access-list 101 permit ip 192.168.0.0 0.0.255.255 any

dialer-list 1 protocol ip permit

snmp-server community xxx RO

!

route-map Connection_1 permit 10

match ip address 1

match interface Dialer1

!

route-map Connection_2 permit 10

match ip address 1

match interface Dialer2

!

route-map Connection_3 permit 10

match ip address 1

match interface Dialer3

!

route-map Connection_4 permit 10

match ip address 1

match interface Dialer4

!

Re: IP CEF

Hi Baha,

why did you configure the "ip cef load-sharing algorithm original "

The following load-balancing algorithms are provided for use with CEF traffic. You select a load balancing algorithm with the ip cef load-sharing algorithm command.

?Original algorithm?The original CEF load-balancing algorithm produced distortions in load sharing across multiple routers because the same algorithm was used on every router. Depending on your network environment, you should select either the universal algorithm (default) or the tunnel algorithm.

?Universal algorithm?The universal load-balancing algorithm allows each router on the network to make a different load sharing decision for each source-destination address pair, which resolves load-sharing imbalances. The router is set to perform universal load sharing by default.

?Tunnel algorithm?The tunnel algorithm is designed to balance the per-packet load when only a few source and destination pairs are involved.

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080430ac3.html

BR,

Mohammed Mahmoud.

New Member

Re: IP CEF

Hello Mohammed,

i tried this ip cef load-sharing algorithm original, after many trials, now i removed this line, i still recieve many 'Unsupported feature' when i debug ip cef receive.

is it my router limitations?

does the rest of my config looks fine?

thanks for you help.

Re: IP CEF

Hi Baha,

There is nothing wrong with your configuration.

May be the combination of your configuration (NAT, load-sharing and route-maps) have produced the unsupported feature. (Note that the unsupported feature packets are not dropped, they are normally fast switched which should not affect your BW utilization).

How are you testing your BW utilization ?

BR,

Mohammed Mahmoud.

New Member

Re: IP CEF

hi

my BW utilization is about 25% - 30% for each line.

even when i try to download something when the 4 lines at 25-30%, i dont get much bandwidth (2-3kbyte/s) and the download stops usually.

if i immeadiatly remove the line from the Cisco Router, and plugged it to a normal ADSL modem, i get 100% of the bandwidth!

anyway to trace what's really happening?

is there a diffrent or better way for load sharing?

thanks.

Re: IP CEF

Hi Baha,

I am really trying to help you out here, you are load-sharing per-destination which is fine with no problems, i am suspecting the MSS and MTU issue as it always affect the TCP performance.

interface GigabitEthernet0/0

ip tcp adjust-mss 1452

interface Dialer2

mtu 1492

BR,

Mohammed Mahmoud.

New Member

Re: IP CEF

hello mohammed,

i put this:

ip tcp adjust-mss 1452

because people couldnt login to yahoo or MSN

any suggestions to change the value?

also any suggestions to change the MTU?

thanks!

Re: IP CEF

Dear Baha,

The Dialer CEF feature is not supported when a static route is pointing to the Dialer without specifying a next hop IP address. When using the Cisco IOS Release 12.3(11)T and higher, the ppp ipcp default route command may be used in Dialer interface configuration mode to work around this restriction.

CEF was not supported over dialer interface (older IOS's)

Use the below URL for more information

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a008049b0ea.html#wp1029310

Dialer10 is up (if_number 8)

Corresponding hwidb fast_if_number 8

Corresponding hwidb firstsw->if_number 8

Internet Protocol processing disabled

Interface is marked as point to point interface

Packets switched to this interface are dropped to the next slow path: Dialer

Hardware idb is Dialer10

Fast switching type 15, interface type 85

(the above line said the packets recieved over dialer interface will be switched to next level switching)

Please rate helpful posts.

Best Regards,

Mounir Mohamed

Re: IP CEF

Dear Baha,

Please try the above solution and feedback us.

BR,

Mohammed Mahmoud.

New Member

Re: IP CEF

hello mohammed,

i have added ppp ipcp route default in each dialer int..

nothing has changed!

#debug ip cef rec

.Apr 23 21:24:12.412: IP-CEF: Receive packet for 88.84.97.8 (process switch)

.Apr 23 21:24:12.412: CEF-Receive: Not supported for 216.34.130.245 thru Dialer3

- receive

.Apr 23 21:24:12.412: CEF-Receive: Packet for 216.34.130.245 -- unsupported feat

ure

.Apr 23 21:24:12.428: CEF-Receive: Not supported for 84.48.216.192 thru Dialer1

- receive

.Apr 23 21:24:12.428: CEF-Receive: Packet for 84.48.216.192 -- unsupported featu

re

.Apr 23 21:24:12.428: CEF-Receive: Not supported for 207.46.106.70 thru Dialer6

- receive

.Apr 23 21:24

i dont really care for this messgae as much as i am not getting my 100% of the bandwidth, so any suggestion what to change the values of MTU & MSS?

thanks again and really appreciate your help.

Re: IP CEF

Dear Baha,

Did you route the default/static route to the next-hop, the PDF said the problem usually happen when the default/static routes pointing to the dialer interface

Hall of Fame Super Gold

Re: IP CEF

So why don't you try "no ip cef".

It's few hundreds of PPS after all, and the router should be able with that with fast-switching without a problem.

Re: IP CEF

Hi Baha,

Your MTU and adjust-mss values are the recommended values, like Paolo said why don't you disable CEF and we shall see what happens then, according to the router performance sheet there is merely any performance difference between CEF and Fast Switching (your CPU might increase a little bit):

http://www.cisco.com/warp/public/765/tools/quickreference/routerperformance.pdf

BR,

Mohammed Mahmoud.

Re: IP CEF

Why not use virtual-template instead of the dialer interface.

New Member

Re: IP CEF

Hi,

could you post me a sample config on how to use a virtual template?

also, i tried removing #no ip cef

and will post results in 24 hours.

thanks.

Re: IP CEF

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

hold-queue 224 in

pvc 0/35

encapsulation aal5mux ppp virtual-template 10

no dialer pool-member 1

!

!

interface ATM0/2/0

bandwidth 1088

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

hold-queue 224 in

pvc DSL 0/35

encapsulation aal5mux ppp virtual-template 10

no dialer pool-member 2

!

!

interface ATM0/3/0

bandwidth 1088

no ip address

logging event atm pvc state

no atm ilmi-keepalive

dsl operating-mode auto

hold-queue 224 in

pvc 0/35

encapsulation aal5mux ppp virtual-template 10

no dialer pool-member 3

!

interface ATM3/0/0

bandwidth 1088

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

hold-queue 224 in

pvc 0/35

encapsulation aal5mux ppp virtual-template 10

no dialer pool-member 4

interface Virtual-Template10

ip address x.x.x.x x.x.x.x

ppp multilink

ppp multilink fragment delay 10

ppp multilink interleave

IP nat outside

Note that the IP address should be configured on the Virtual-Template10 then only one default route pointing on the next-hop address.

Also currently no need for route-maps (IF all links belong to the same ISP)because the traffic received on the Giga interfaces will follow the default route, But if you need to only NAT specific local hosts use the route-map but note that no need to match on the outgoing interface the route-map can only match on the IP address and begin NAT it IF the destination the host trying to reach is reachable through the outside nat interface.

Please rate helpful posts.

Best Regards,

Mounir Mohamed

New Member

Re: IP CEF

Hello Mr Mounir,

isnt there supposed to be a user name / password in the virtual template to authenticate me?

also, i'll be using one IP address for all my four links, is that right?

ill be using the same ISP, so the route shouls look like:

#route 0.0.0.0 0.0.0.0 (NEXT_HOP_IP) ?

finally for natting, since i am using the same ISP as you said i wont be needing route_map any more.

but i will be natting my local IPs on the ip address of the Virtual-Template10 .

let me know very excited to implement this config!

thanks.

Re: IP CEF

Hi Baha,

Point 1 (virtual template to authenticate):

It's optional but no needs for authentication because it's point to point link, but if you care all you need to do it under the virtual template only add ppp authentication pap or chap and specifiy the AAA group or use the default AAA PPP profile.

Point 2 (Link IP address):

yes only one IP will be assigned to the virtual template, because all ATM interface considered as one link which presented by the virtual template.

Point 3 (Routing):

Yes only one default route should be pointing to the next-hop

Point 4 (NAT):

Yes you do not have to use route-map any more the below lines will be enough:

NAT Config:

ip nat inside source list 1 interface virtual template 10 overload

access-list 1 permit 1.1.1.1

access-list 1 permit 1.1.1.5 and so on

Let me know if you have any problem with such config.

Please Rate helpful posts.

Best Regards,

Mounir Mohamed

New Member

Re: IP CEF

hello Mounir,

i am trying as a test to configure a virtual template on 2 lines befor i do it on all the lines, just to make sure there is nothing wrong.

so i started without giving IP address:

!

interface Virtual-Template10

ip address negotiated

ip nat outside

ppp authentication pap callin

ppp chap refuse

ppp pap sent-username xx password x

ppp multilink

ppp multilink fragment delay 10

ppp multilink interleave

!

i will get an ip address soon, but this is only for test purpose, it seemed there was no connectivity, is this normal, shall i proceede?

here is the output of the debug ppp nego:

Apr 27 05:08:38.560: ppp437 LCP: Failed to negotiate with peer

Apr 27 05:08:38.560: ppp437 PPP: Sending Acct Event[Down] id[1AF]

Apr 27 05:08:38.560: ppp437 LCP: State is Closed

Apr 27 05:08:38.560: ppp437 PPP: Phase is DOWN

Apr 27 05:08:38.560: ppp437 PPP: Send Message[Disconnect]

Apr 27 05:08:39.488: ppp438 PPP: Send Message[Dynamic Bind Response]

Apr 27 05:08:39.488: ppp438 PPP: Using default call direction

Apr 27 05:08:39.488: ppp438 PPP: Treating connection as a dedicated line

Apr 27 05:08:39.488: ppp438 PPP: Session handle[530001BB] Session id[438]

Apr 27 05:08:39.488: ppp438 PPP: Phase is ESTABLISHING, Active Open

Apr 27 05:08:39.488: ppp438 LCP: O CONFREQ [Closed] id 1 len 36

Apr 27 05:08:39.488: ppp438 LCP: AuthProto PAP (0x0304C023)

Apr 27 05:08:39.488: ppp438 LCP: MagicNumber 0x1875BDC4 (0x05061875BDC4)

Apr 27 05:08:39.488: ppp438 LCP: MRRU 1524 (0x110405F4)

Apr 27 05:08:39.488: ppp438 LCP: EndpointDisc 1 KAMC_NahdiTabuk

Apr 27 05:08:39.488: ppp438 LCP: (0x1312014B414D435F4E61686469546162)

Apr 27 05:08:39.488: ppp438 LCP: (0x756B)

Apr 27 05:08:39.508: ppp438 LCP: I CONFREJ [REQsent] id 1 len 30

Apr 27 05:08:39.508: ppp438 LCP: AuthProto PAP (0x0304C023)

Apr 27 05:08:39.508: ppp438 LCP: MRRU 1524 (0x110405F4)

Apr 27 05:08:39.508: ppp438 LCP: EndpointDisc 1 KAMC_NahdiTabuk

Apr 27 05:08:39.508: ppp438 LCP: (0x1312014B414D435F4E61686469546162)

Apr 27 05:08:39.508: ppp438 LCP: (0x756B)

Apr 27 05:08:39.508: ppp438 LCP: O CONFREQ [REQsent] id 2 len 14

Apr 27 05:08:39.508: ppp438 LCP: AuthProto PAP (0x0304C023)

Apr 27 05:08:39.508: ppp438 LCP: MagicNumber 0x1875BDC4 (0x05061875BDC4)

587
Views
14
Helpful
22
Replies